Zeus Web Server and HP Secure Linux
Andy Pearce, andy_pearce@hp.com
Imperatives
• Reduce operational costs
• Build consumer confidence and trust
“… Our servers are now overloaded.”
Caution:
Slow web service can ruin your day!
Even large, expensive infrastructures can fail to scale.
Make it snappy!
• What - too cheap to buy a fast server?
• Oh! So wasting my time’s not a problem?
• We all hate slow web servers.
Zeus
• Speed - transactions/sec
• Scalability - simultaneous connections
  - headroom
  - number of virtual servers
• Manageability
Cost per SSL transaction
http://www.hp.com/products1/itanium/infolibrary/pdfs/5981-2796EN.pdf
Call to action
• Understand the dangers
• Evolve the barriers
• Follow the advisories
• “Open” security measures
• Build trust
Compartments
• Separate applications
• Separate file system
• Define allowed interaction
• Isolate vulnerabilities
Steps to integration
• Validate (SYSHI)
• Create compartment
• Install
• Create Rules
• Test
Contain the application
• Create compartment
• Define rules
COMPARTMENT zeus -> HOST * PORT 53 METHOD UDP NETDEV any
HOST * PORT 53 -> COMPARTMENT zeus METHOD UDP NETDEV any
HOST * -> COMPARTMENT zeus PORT 80 METHOD TCP NETDEV any
HOST * -> COMPARTMENT zeus PORT 443 METHOD TCP NETDEV any
HOST * -> COMPARTMENT zeus PORT 9090 METHOD TCP NETDEV any
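Added example, not part of the original slides: a small Python audit of rules written in the syntax shown above. It flags inbound rules that admit HOST * without a destination port, or on a port outside an assumed public set; the function names, the PUBLIC_PORTS set and the finding labels are assumptions made for illustration.

```python
# Added example (not from the slides): audit compartment rules in the slide's syntax.

# The five rules from the slide. The parser accepts them with or without "->".
RULES = """\
COMPARTMENT zeus -> HOST * PORT 53 METHOD UDP NETDEV any
HOST * PORT 53 -> COMPARTMENT zeus METHOD UDP NETDEV any
HOST * -> COMPARTMENT zeus PORT 80 METHOD TCP NETDEV any
HOST * -> COMPARTMENT zeus PORT 443 METHOD TCP NETDEV any
HOST * -> COMPARTMENT zeus PORT 9090 METHOD TCP NETDEV any
"""

# Assumption: only HTTP and HTTPS are meant to be reachable from every host.
PUBLIC_PORTS = {80, 443}

def parse_rule(line):
    """Parse one rule into src/dst endpoints (kind, name, port) plus method and netdev."""
    tokens = [t for t in line.split() if t != "->"]
    if len(tokens) % 2:
        raise ValueError(f"unpaired token in rule: {line!r}")
    endpoints, rule = [], {}
    for key, value in zip(tokens[::2], tokens[1::2]):
        if key in ("HOST", "COMPARTMENT"):
            endpoints.append([key, value, None])
        elif key == "PORT" and endpoints:
            endpoints[-1][2] = int(value)      # PORT belongs to the endpoint before it
        elif key in ("METHOD", "NETDEV"):
            rule[key.lower()] = value.lower()
        else:
            raise ValueError(f"unexpected keyword {key!r} in rule: {line!r}")
    if len(endpoints) != 2:
        raise ValueError(f"expected two endpoints in rule: {line!r}")
    rule["src"], rule["dst"] = tuple(endpoints[0]), tuple(endpoints[1])
    return rule

def audit(text, public_ports=PUBLIC_PORTS):
    """Return (rule number, finding) for inbound rules that admit any host too broadly."""
    findings = []
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for number, line in enumerate(lines, start=1):
        rule = parse_rule(line)
        (src_kind, src_name, _), (dst_kind, _, dst_port) = rule["src"], rule["dst"]
        if not (src_kind == "HOST" and src_name == "*" and dst_kind == "COMPARTMENT"):
            continue                           # outbound or host-specific rule
        if dst_port is None:
            findings.append((number, "no-dst-port"))      # source port is sender-chosen
        elif dst_port not in public_ports:
            findings.append((number, "non-public-port"))  # narrow HOST or NETDEV
    return findings

if __name__ == "__main__":
    for number, finding in audit(RULES):
        print(f"rule {number}: {finding}")
```

On the slide's rules this reports rule 2 (the UDP reply rule names only a source port) and rule 5 (port 9090 open to every host on every interface) for review.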
Running the Web Server
• File system - copy files required
• Run compartment
• Seal compartment
Applications
• Add FastCGI (or CGI)
• Add PHP
• Create compartment(s)
• Experiment
MySQL
• Same approach
• Install in root file system
• Rules to enable access from PHP
Familiarity
• Pilot the application
• Define the issues (for your circumstances)
• Security is knowledge
Conclusion
• Efficiency (performance) to drive lower cost of operation.
• Evolution of security measures to build customer confidence